package br.sed.theenemy.business.utils;

import java.util.regex.Pattern;



/**
 * Class responsible for validating strings against XSS code.
 * 
 * @author <a href="mailto:joaob@ciandt.com">Jo�o Paulo Bassinello</a>
 * @author <a href="mailto:cgaspar@ciandt.com">Carlos Gaspar</a>
 */
public class AvoidXss {
    
    public static final int ACTION_ERROR = 3;
    
    // Regular expression that contains all possible javascript events 
    private static final String BLACK_LIST_REGEXP = "(.*(?i)a(?i)l(?i)e(?i)r(?i)t\\s*\\(.*" + "|.*<\\s*(?i)s(?i)c(?i)r(?i)i(?i)p(?i)t.*>.*"
            + "|.*(?i)j(?i)a(?i)v(?i)a(?i)s(?i)c(?i)r(?i)i(?i)p(?i)t:.*" + "|.*(?i)o(?i)n(?i)a(?i)b(?i)o(?i)r(?i)t=.*" + "|.*(?i)o(?i)n(?i)b(?i)l(?i)u(?i)r=.*"
            + "|.*(?i)o(?i)n(?i)c(?i)h(?i)a(?i)n(?i)g(?i)e=.*" + "|.*(?i)o(?i)n(?i)c(?i)l(?i)i(?i)c(?i)k=.*"
            + "|.*(?i)o(?i)n(?i)d(?i)b(?i)l(?i)c(?i)l(?i)i(?i)c(?i)k=.*" + "|.*(?i)o(?i)n(?i)e(?i)r(?i)r(?i)o(?i)r=.*"
            + "|.*(?i)o(?i)n(?i)f(?i)o(?i)c(?i)u(?i)s=.*" + "|.*(?i)o(?i)n(?i)k(?i)e(?i)y(?i)d(?i)o(?i)w(?i)n=.*"
            + "|.*(?i)o(?i)n(?i)k(?i)e(?i)y(?i)p(?i)r(?i)e(?i)s(?i)s=.*" + "|.*(?i)o(?i)n(?i)k(?i)e(?i)y(?i)u(?i)p=.*" + "|.*(?i)o(?i)n(?i)l(?i)o(?i)a(?i)d=.*"
            + "|.*(?i)o(?i)n(?i)m(?i)o(?i)u(?i)s(?i)e(?i)d(?i)o(?i)w(?i)n=.*" + "|.*(?i)o(?i)n(?i)m(?i)o(?i)u(?i)s(?i)e(?i)m(?i)o(?i)v(?i)e=.*"
            + "|.*(?i)o(?i)n(?i)m(?i)o(?i)u(?i)s(?i)e(?i)o(?i)u(?i)t=.*" + "|.*(?i)o(?i)n(?i)m(?i)o(?i)u(?i)s(?i)e(?i)o(?i)v(?i)e(?i)r=.*"
            + "|.*(?i)o(?i)n(?i)m(?i)o(?i)u(?i)s(?i)e(?i)u(?i)p=.*" + "|.*(?i)o(?i)n(?i)r(?i)e(?i)s(?i)e(?i)t=.*"
            + "|.*(?i)o(?i)n(?i)r(?i)e(?i)s(?i)i(?i)z(?i)e=.*" + "|.*(?i)o(?i)n(?i)s(?i)e(?i)l(?i)e(?i)c(?i)t=.*"
            + "|.*(?i)o(?i)n(?i)s(?i)u(?i)b(?i)m(?i)i(?i)t=.*" + "|.*(?i)o(?i)n(?i)u(?i)n(?i)l(?i)o(?i)a(?i)d=.*" + "|\\\\" + "|\\/" + "|=" + "|;" + ")+";

    // compiled pattern for reuse
    private static final Pattern BLACK_LIST_REGEXP_PATTERN = Pattern.compile(BLACK_LIST_REGEXP, Pattern.CASE_INSENSITIVE);
    
    /**
     * Checks possible existence of XSS..
     * 
     * @param s String to be tested for XSS code.
     * @return true If the string contains XSS code; false, otherwise.
     */
    public static boolean isPossibleXssAttack(final String s) {

        if (ValidationUtil.isNullOrEmpty(s)) {
            return false;
        }        

        return BLACK_LIST_REGEXP_PATTERN.matcher(s).find();
    }
    
    /**
     * Change symbols < > by &lt; and &gt;.
     * 
     * @param parameter
     *            parameter to be validated
     * @return parameter with the strings changed
     * @throws XssException XssException
     */
    public static String withReplaceHtmlTags( final String parameter) {

        if (ValidationUtil.isNullOrEmpty(parameter)) {
            return null;
        }

        String ret = parameter.replaceAll("<", "&lt;");
        ret = parameter.replaceAll(">", "&gt;");

        return ret;

    }

}
